mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00

homectl: don't use password cache if we operate on other user

Lennart Poettering 2021-04-23 16:14:57 +02:00
parent ea086f0610
commit 7bdbafc261
3 changed files with 23 additions and 0 deletions


@ -1072,3 +1072,16 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg) {
return !!s;
}
#endif
int is_this_me(const char *username) {
uid_t uid;
int r;
/* Checks if the specified username is our current one. Passed string might be a UID or a user name. */
r = get_user_creds(&username, &uid, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING);
if (r < 0)
return r;
return uid == getuid();
}
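Review bot: The comment inside is_this_me() does not state the return contract, and the name reads like a boolean even though the function returns a negative value when get_user_creds() fails. A caller that writes `if (is_this_me(name))` would treat a failed lookup as "yes, this is me", which for the password-cache callers in this commit is the unsafe direction. I would extend the comment to something like `/* Returns > 0 if the name or UID resolves to our real UID (getuid()), 0 if not, < 0 on lookup failure; never test the result as a plain boolean. */`. The whole function is inside the hunk.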


@ -109,3 +109,5 @@ int putsgent_sane(const struct sgrp *sg, FILE *stream);
#endif
bool is_nologin_shell(const char *shell);
int is_this_me(const char *username);


@ -220,6 +220,10 @@ static int acquire_existing_password(
return 1;
}
/* If this is not our own user, then don't use the password cache */
if (is_this_me(user_name) <= 0)
SET_FLAG(flags, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, false);
if (asprintf(&question, emphasize_current ?
"Please enter current password for user %s:" :
"Please enter password for user %s:",
@ -269,6 +273,10 @@ static int acquire_token_pin(
return 1;
}
/* If this is not our own user, then don't use the password cache */
if (is_this_me(user_name) <= 0)
SET_FLAG(flags, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, false);
if (asprintf(&question, "Please enter security token PIN for user %s:", user_name) < 0)
return log_oom();
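Review bot: The `is_this_me(user_name) <= 0` test in acquire_existing_password() and acquire_token_pin() also disables the cache when the lookup itself fails, but the comment above it only mentions the "not our own user" case. Failing closed is the right choice for a credential cache and is worth spelling out so that nobody later narrows the test to `== 0`: `/* If this is not our own user, or we cannot determine that, don't use the password cache */`. The same three lines appear in both functions, so a small static helper that clears the two cache flags would keep the call sites from drifting apart. Both functions begin and end outside the hunks shown.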